Cassandra: Phishing for Apple Customers

By Graham K. Rogers

Once in a while a message appears in my inbox from Apple. I saw one today on my iPhone and paused. Some of these are genuine, but today I had one that smelled . . . off. My Apple ID was apparently suffering some problems: "We recently failed to validate your payment information, therefore we need to ask you to complete a short verification process in order to verify your account."

iPhone screenshot of the Phishing Mail Purporting to come from Apple

That sentence alone was enough to halt my finger above the "> Click here to validate your account information" link and had a look on the Mac first. The first clue that my instincts were right was when Little Snitch asked to be connected to a server, jj-host2.net on Port 80. Apart from the unusual link, Port 80 would not provide a secure connection.

iPhone screenshot of the Little Snitch Warning Panel

I looked further and used the VIEW > RAW SOURCE option in Mail. Although the reply-to address looked right, the email that was receiving it was wrong for the AppleID. There were none of the usual Apple IP numbers visible in the header, but the clincher came in two lines,

This appears to be another hoax. If anyone receives such a message, do not click on the link. Instead, if you are concerned (a purchase would show if this were a problem) access iTunes or the Mac App Store and verify account details in the safe environment there. I do the same with Apple or any other online transaction service that sends me a warning email: true or false.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. He is now continuing that in the Bangkok Post supplement, Life.